Healthcare Information Security

Patient Privacy

HIPAA requires providers using Skype to have BAAs

by Nicole Freeman

As expanding technology gives doctors new ways to contact patients and share their information, HIPAA compliance questions continually pop up. Do the products being used protect patient data? Are additional safeguards required to comply with HIPAA?...

HIPAA self-payment option complicates patient privacy

by Patrick Ouellette

On the surface, the provision in the HIPAA Omnibus Rule that allows a patient to prevent a provider from reporting information to a health insurer if the patient pays in full may sound relatively straightforward. But this section of the Final...

FDNY privacy notice raises concern for data sale

by Nicole Freeman

The Fire Department City of New York (FDNY) has issued a patient privacy notice that states a patient’s protected health information (PHI) may be used for marketing or fundraising and potentially sold, according to a report from the New York...

Valley Hospital uses remote IT support to augment security

by Patrick Ouellette

In an ideal world, healthcare IT users would be able to walk down the hall and discuss any sort of clinical, technical or compliance issues with their organization’s on-site staff. But because many big healthcare networks span across many...

Patient provider changes: Data privacy, access considerations

by Patrick Ouellette

Transferring patient records between providers creates a litany of pressing issues, not the least of which is ensuring the records remain private while retaining accessibility for clinical staff. WCPO recently reported on the difficult position...

Patient privacy questioned in DEA data request

by Nicole Freeman

The government’s use of warrantless subpoenas is coming under fire in a case between the American Civil Liberties Union (ACLU) and the state of Oregon, and the US Drug Enforcement Administration (DEA), according to a report from The Bulletin....

Coordinating healthcare data privacy with security objectives

by Patrick Ouellette

Last week, we discussed some current privacy initiatives and concentrations with Kevin Haynes, the Chief Privacy Officer of Nemours, on But in addition to his own work, Haynes described how patient privacy work must align...

Nemours Chief Privacy Officer focuses on training, awareness

by Patrick Ouellette

Though healthcare privacy can often (and incorrectly) be grouped together with security, patient privacy shouldn’t be understated in a healthcare setting. In fact, privacy training, procedures, auditing and monitoring, compliance, controls,...

Patient privacy questions pop up at health-screening kiosks

by Patrick Ouellette

Patient data privacy concerns are no longer limited to the confines of a healthcare organization or even their own home, as an interesting report from California described the privacy issues created by health-screening kiosks. Similar questions...

HHS releases proposed rule on HIPAA, mental health reports

by Patrick Ouellette

Almost a year after issuing an Advance Notice of Proposed Rulemaking (ANPRM) in the Federal Register, the Department of Health and Human Services (HHS) has released a proposed rule based on comments regarding the HIPAA Privacy Rule and the National...

Healthcare CIO: Providers have increased focus in security

by Patrick Ouellette

Beth Israel Deaconess Medical Center (BIDMC) CIO John Halamka recently wrote a blog post with some final thoughts and key events of 2013. No. 3 on his list was security and privacy turning into healthcare Board-level priorities. There are new...

Bitcoin in healthcare: The value v. security debate

by Patrick Ouellette

Among the more polarizing topics in IT at the moment is the fluctuating value of the bitcoin. We recently wrote about some of the benefits and risks of the Bitcoin in healthcare on and there has been plenty of action and...

Assessing Bitcoin’s benefits, security risks in healthcare

by Patrick Ouellette

Because of the prevalence of medical identity fraud in the healthcare industry, healthcare providers are beginning to think outside of the box as to how to keep their patients’ data private. San Francisco physician Paul Abramson has made...

Tennessee Supreme Court, trial court differ on HIPAA ruling

by Patrick Ouellette

How each state’s different courts interpret HIPAA compliance in relation to individual lawsuits can prove to be worth paying attention to, as the Tennessee Supreme Court dismissed a woman’s lawsuit because she failed to comply with HIPAA’s...

Reviewing EHR patient portal authentication levels

by Patrick Ouellette

While EHR patient portals are tied to the EHR Meaningful Use Program’s patient engagement requirements, securing and authenticating user access is a critical part of the process. During iHT2’s “Secure Access for Web-based Patient Portals...

GAO boosts HIT Policy Committee privacy, security expertise

by Patrick Ouellette

Government Accountability Office (GAO) head Gene L. Dodaro announced last week that GAO had appointed three new members to the Health Information Technology (HIT) Policy Committee. David Kotz, PhD, will serve as a committee privacy and security...

Patient portal privacy: Authentication, password management

by Patrick Ouellette

Much of a healthcare privacy and security professional’s daily life revolves around trying not to impede IT innovation while securing patient data, and efforts to achieve this state of equilibrium apply to EHR patient portals as well. Adam...

Physicians on social media must ensure patient privacy

by Patrick Ouellette

For all intents and purposes, most social media platforms are still considered the “Wild West” for clinical staff members that have been tasked with engaging with patients regularly while respecting their privacy as well. The Rhode...

EHR patient portal security concerns and tips

by Patrick Ouellette

Though EHR patient portals only allow access to a portion of medical record to patients and not all clinical notes included in these portals, the privacy and security of these portals remains a hot topic of conversation. Even if merely appointment...

Weighing healthcare CISO short-term goals v. innovation

by Dom Nicastro

Healthcare CISOs are like any other IT professional in that the quest for long-term innovation can often be stifled by short-term needs. The trick to meeting long-term privacy and security goals can be stepping back from the day-to-day from time...

